|
255331
|
5.3 |
MEDIUM
Network
|
sap
|
hana_database
|
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid use…
|
CWE-200
Information Exposure
|
CVE-2017-16687
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255332
|
6.1 |
MEDIUM
Network
|
sap
|
business_warehouse_universal_data_integration
|
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16685
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255333
|
9.8 |
CRITICAL
Network
|
sap
|
business_intelligence_promotion_management_application
|
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
|
CWE-287
Improper Authentication
|
CVE-2017-16684
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255334
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects
|
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
|
NVD-CWE-noinfo
|
CVE-2017-16683
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255335
|
7.2 |
HIGH
Network
|
sap
|
netweaver_internet_transaction_server
business_application_software_integrated_solution
|
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be execute…
|
CWE-94
Code Injection
|
CVE-2017-16682
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255336
|
6.1 |
MEDIUM
Network
|
sap
|
business_intelligence_promotion_management_application
|
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16681
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255337
|
6.1 |
MEDIUM
Network
|
sap
|
sap_kernel
|
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45…
|
CWE-601
Open Redirect
|
CVE-2017-16679
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255338
|
4.7 |
MEDIUM
Network
|
sap
|
netweaver_knowledge_management_configuration_service
epbc2
epbc
kmc-bc
|
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attack…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16678
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255339
|
6.5 |
MEDIUM
Network
|
sap
|
business_application_software_integrated_solution
|
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verific…
|
CWE-20
Improper Input Validation
|
CVE-2017-16691
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255340
|
7.8 |
HIGH
Local
|
sap
|
plant_connectivity
|
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs…
|
CWE-426
Untrusted Search Path
|
CVE-2017-16690
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
